Why does the ACFE produce this report? And why is it produced every two years, as opposed to every year?

The Report is produced to educate ACFE members and the general public about the threat of occupational fraud. There is very little research that has been done historically on this subject in terms of trying to quantify losses, identify fraud methods and examine the characteristics of perpetrators and victims. We believe that by studying past cases of occupational fraud we can learn valuable lessons that will help us do a better job of preventing and detecting these crimes in the future.

We produce the Report on a bi-annual basis because it takes a great deal of time and commitment to develop a study of this quality. The ACFE research team spends months developing the survey, compiling the data, reading every case that is submitted, analyzing the data and preparing the final report.  In addition, we ask a lot of our members who provide the information about cases they have investigated. The survey we send them is very detailed and asks for a great amount of information on their cases (I should note here that we do not gather any information on the victims or perpetrators of the fraud – all data gathered is completely anonymous).  The report is not possible without the contribution of our members and we’re very conscious of not over-burdening them by asking for too much of their time. We also feel that if we were to do our survey every year, we would likely get a lower number of responses each year, and one of the main values of the report is the amount of case data we’re able to present, which lends credibility to our findings. In the end, we think doing the survey every two years strikes a good balance between the demands on our members, the number of responses we expect to receive and the goal of providing fresh, relevant statistics.

How do fraud studies, such as this one, help businesses in the fight against workplace fraud?

The more we know about how past fraud schemes were committed, who committed them, how they were detected and what characteristics the fraudsters displayed, the better we will be prepared to deal with future frauds.  The report also serves a valuable purpose in terms of raising awareness and educating organizations about how large the threat of occupational fraud is. There is still a feeling among many organizations that occupational fraud is something that happens to the other guy, not to them.  In the last ten years that attitude is not as strong as it used to be – fraud awareness has definitely risen – but it is still there. Looking at a study like the Report to the Nations will hopefully get an organization to realize that the benefits of investing in fraud prevention and detection outweigh the risks of ignoring the problem. The median loss among fraud cases in our study was $140,000. Over 20% of those cases caused at least $1 million in losses. It’s not good business to ignore those numbers.

How would you like to see companies use the information in this study? Can you give an example of how a company could use a certain finding from the study to reduce fraud?

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

What we have tried to do is to provide our fraud data broken out in dozens of different ways so it will be meaningful to as wide an audience as possible. Do you want to know how most frauds are detected? That is in the report – the most common way to detect a fraud is by a tip, and organizations with hotlines and employee fraud training tend to suffer lower losses.  So a company could look at that and say, “We need to encourage our employees, customers and vendors to report fraud when they have suspicions. That will give us the best chance of detecting fraud and limiting losses. “

But beyond high level analyses like that, an organization can drill down to more specific data, like what were the most common schemes in its industry. Which departments within an organization tend to generate the most occupational fraud schemes or the highest losses, and what are the most common forms of fraud within those departments? So if you are concerned about fraud risk in your accounting department, for instance, you can see what types of fraud occur most often in the accounting department. Or you could look at how frauds differ depending on the perpetrator’s position of authority. You could also look at the controls our victim organizations had at the time of their frauds. We compare companies that have certain controls versus those that don’t, which gives us some measure of how effective a specific anti-fraud control might be. For example, organizations that conducted surprise fraud audits experienced much lower median losses and caught frauds much more quickly than those without surprise audits.  This type of data can help an organization determine which types of anti-fraud controls might be most effective. That’s very important because it allows organizations to be efficient in how they spend their anti-fraud dollars.

What are some of the most surprising findings that came out of the 2012 study?

Perhaps the most surprising thing we learned is how similarly fraud affects organizations regardless of the country in which the fraud occurs. We had cases reported from nearly 100 countries, and when you look at the trends, with a few exceptions, the demographics of the fraud offenders and the victims remain very consistent across all regions.  This tells us that occupational fraud is truly a global problem and it’s likely why ACFE’s membership outside the United States has grown so significantly over the last few years. An auditor or CFE in Asia is likely dealing with the same issues and circumstances as his counterparts in the U.S., Europe, South America and so on.

Another very surprising finding was our analysis of the behavioral red flags that fraud offenders demonstrate before they are caught.  We have previously identified 16 common behavioral characteristics of occupational fraudsters – things like living beyond their means, frequent complaints about poor pay, experiencing personal or family problems, and so on.  When we look at the cases in our study, we see that in 81% of those frauds, at least one and often several behavioral red flags had been exhibited before the fraud was discovered. What’s more, the frequency of these red flags in our 2012 study was very, very similar to the frequency when we performed the same analysis in 2010 and 2008.  In all three studies, about 37% of fraudsters were living beyond their means, about 30% were undergoing personal financial difficulties, about 20% had an unusually close association with a vendor or customer and about 19% exhibited strong control issues or an unwillingness to share their duties.

So what we have is three entirely different sets of frauds, committed by three different sets of fraud offenders, and yet the distribution of behavioral red flags was extremely similar. We think this finding could be important in helping organizations identify non-financial indicators of fraud. For instance, if managers and auditors were better trained to identify these behavioral red flags then that information – combined with audits and other anti-fraud measures – could potentially help catch frauds much earlier and limit losses.

What findings were to be expected and why?

One of the hallmarks of the Report to the Nations is that the data on losses, detection, and perpetrator/victim profiles has been largely consistent through the years. We believe this lends a great deal of credibility to our findings. As just one example, in every study we’ve done dating back to 2002, the most common way frauds are detected is by a tip. Generally, tips account for detection in about 40-45% of all cases, whereas the next-most-common method usually accounts for only about 15% of cases.  We’ve seen this result now in six consecutive studies covering a 10 year period. The consistency of those findings makes it pretty hard to deny that tips are the most effective way to detect occupational fraud.

Yet when we look at the controls our victim organizations had in place, only about half of those organizations had a hotline and less than half had conducted any sort of anti-fraud training for their managers or employees (and the numbers are much lower for small businesses, which are especially vulnerable to fraud).  If you want to maximize employee tips, which in turn should make you better equipped to detect frauds early, the two most important steps are: (1) train your employees on how to recognize and report fraud, and (2) provide a safe, anonymous mechanism where employees can make reports without fear of retaliation. Our data pretty clearly shows that if you work to encourage fraud tips, you’ll do a better job of limiting losses, yet not nearly enough organizations are doing this.

Do you have any ideas about how fraud statistics are likely to trend over the next few years?

It’s hard to say, but based on what we know right now I can virtually guarantee you that when we conduct our next study we will find – as we have in the past – that the best way to detect a fraud is by a tip, that small businesses are disproportionately affected by fraud, that organizations with anti-fraud controls in place have much lower losses and catch frauds much more quickly than those without, and that roughly 85-90% of occupational fraudsters are first time offenders. These findings have been so consistent over the years that it would be shocking to see a big change at this point.

Should companies place less emphasis on background checks, considering the fact that 87% of the fraudsters in the study were first time offenders?

No.  It is true that only about 6% of occupational fraudsters in our study had a prior conviction, and we do know that most occupational fraudsters are first time offenders, but background checks are still an important part of an employee screening process. For one thing, our study doesn’t measure how many potential fraudsters were weeded out of the victim organizations by criminal background checks that led to them not being hired in the first place. But more importantly, we believe that background checks should do more than simply focus on past criminal histories.  When you look at our red flags data – as well as most other research on occupational fraudsters – you’ll see that financial pressures are often closely related to these schemes.  We believe it’s prudent to conduct credit checks as well as criminal background checks on new applicants, to identify potential employees who might be at high risk for fraudulent behavior.

It’s important to emphasize a couple of points here. First, we are absolutely NOT saying that any employee with bad credit is going to commit fraud, nor are we recommending that organizations refuse to hire those with poor credit. Second, some states and jurisdictions restrict the use of credit checks for pre-employment purposes, and an organization should absolutely not utilize a pre-employment credit check for any purpose not allowed by law.  There is some concern about the use of pre-employment checks for potentially discriminatory purposes and we do think it is important that organizations understand how to use background checks in a legal and fair manner.  A poor credit score should never be the reason a person does or does not get a job. But the information on a credit report can be very useful when combined with the information on the candidate’s resume, employment history, personal references, criminal history and so on, to help an employer make a smart hiring decision.

What is the most important thing every company should do today to reduce fraud?

First and foremost, make sure you and everyone in your organization understands that fraud is a huge risk, and know where you are vulnerable. Establish anti-fraud controls that address your particular risks, and then make sure everyone in the organization adheres to them. One of the most common things we see in our study is a victim organization that had set up an internal control structure but allowed employees or managers to circumvent or override those controls.

Beyond the basics of having strong internal controls, you need to educate your employees and managers about fraud so they know when to report suspicious behavior, and why it is important to do so. It’s also a good idea to establish an anti-fraud policy or a code of conduct, which makes it clear to all employees the kinds of conduct that are and are not tolerated by the organization. This will help employees stay away from gray areas where they could potentially veer into unethical or illegal behavior. Setting this kind of tone at the top is very important.  And finally, have a mechanism in place so that employees, vendors and customers can report fraud anonymously, so they won’t fear retaliation.